From owner-freebsd-questions  Mon Jul  3 16:52:23 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from kestrel.prod.itd.earthlink.net (kestrel.prod.itd.earthlink.net [207.217.121.155])
	by hub.freebsd.org (Postfix) with ESMTP id 0EBDE37BDF8
	for ; Mon, 3 Jul 2000 16:52:20 -0700 (PDT)
	(envelope-from cjc@earthlink.net)
Received: from dialin-client.earthlink.net (pool0812.cvx20-bradley.dialup.earthlink.net [209.179.253.47])
	by kestrel.prod.itd.earthlink.net (8.9.3-EL_1_3/8.9.3) with ESMTP id QAA01105;
	Mon, 3 Jul 2000 16:52:18 -0700 (PDT)
Received: (from cjc@localhost)
	by dialin-client.earthlink.net (8.9.3/8.9.3) id QAA00366;
	Mon, 3 Jul 2000 16:50:45 -0700 (PDT)
Date: Mon, 3 Jul 2000 16:50:14 -0700
From: "Crist J. Clark"
To: Bill Barnes
Cc: freebsd questions
Subject: Re: Ports via FTP
Message-ID: <20000703165013.B248@dialin-client.earthlink.net>
Reply-To: cjclark@alum.mit.edu
References: <398FACC7@operamail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <398FACC7@operamail.com>; from bbarnes@operamail.com on Sun, Jul 02, 2000 at 04:37:10AM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[some serious line-wrap damage from your mailer, Bill]

On Sun, Jul 02, 2000 at 04:37:10AM -0400, Bill Barnes wrote:
> >===== Original Message From cjclark@alum.mit.edu =====
> >On Sun, Jul 02, 2000 at 01:55:41AM -0400, Bill Barnes wrote:
> >> I created the wrong impression. It isn't FreeBSD that I'm worried about, it's
> >> the crackers.
> >> This afternoon and evening the download was stalled a lot and there is some
> >> offline preparation time and I've read there is significant risk in connecting
> >> to the internet as root.
> >> It doesn't matter too much right now because I just installed and haven't
> >> anything to lose. I was logged in as root for other maintenance and, frankly,
> >> forgot about that until I started the ftp.
> >> If I login as non-root, establish the internet connection, then su for the ftp
> >> process, does that eliminate the risk of 'root online'; or maybe I am worried
> >> about a non-problem.
> >
> >Hmmm... I'm still not quite understanding you. How do you log in as
> >non-root to establish the Internet connection, _then_ ftp after su'ing
> >to root. I mean, isn't the ftp connection the "Internet connection" we
> >are talking about?
> >
> >Crist J. Clark                                cjclark@alum.mit.edu
>
> Here's the configuration I might use.
> Login as non-root
> In screen 1 connect to my ISP and in the same screen execute Netscape

Despite what you are saying here, I think you are "connecting as root"
to your ISP. Are we talking about userland ppp(8)?

  [101:~] ls -l /usr/sbin/ppp
  -r-sr-xr--  1 root  network  275756 Jun  3 19:27 /usr/sbin/ppp

It's good that you are not running Netscape as root.

> In screen 2 (for comfort) bring up xterm and su, ftp

OK.

> Now I can browse, email, whatever while the ftp process does its thing.

Sure can.

> Hence, I am connected to a trusted machine and who knows what else. That
> sounds like my ftp connection is exposed thru the browser connections. But
> isn't the ftp connection exposed to an intruder anyway.

I'm not sure what all you are saying here. Your entire system has some
level of exposure to the world since you are connected to the outside
by your PPP link. There is no reasonable way that I can imagine that
the ftp connection and anything that Netscape is doing could
crossover. The ftp session would have its own TCP connections to the
remote server, and the browser would be doing its own thing with its
own TCP sessions.

> Hope I don't appear too dense here but I haven't the foggiest about cracker
> technology.

It sounds more like you don't really know how TCP works or the IP
stack. That is no judgement on you; it's OK if you don't.
-- 
Crist J. Clark                                cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
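As an added example (not part of the mail above), a small Python audit of the ls -l point Crist makes: it decodes the symbolic mode string and reports, for each setuid or setgid binary, which users can invoke it and which identity they gain. The ppp line is the one quoted in the mail; the other two entries are constructed, and the ls output is assumed to be passed in as text.

```python
import re
from typing import Dict, List

# Constructed sample: the first line is the ls -l output quoted in the mail,
# the other two are made-up entries showing a plain and a setgid binary.
SAMPLE_LS_OUTPUT = """\
-r-sr-xr--  1 root  network  275756 Jun  3 19:27 /usr/sbin/ppp
-r-xr-xr-x  1 root  wheel     84296 Jun  3 19:27 /usr/bin/ftp
-r-xr-sr-x  1 root  kmem      11256 Jun  3 19:27 /usr/bin/netstat
"""

# mode, link count, owner, group, size, month, day, time-or-year, path
LS_LINE = re.compile(
    r"^(?P<mode>[-bcdlps][-rwxsStT]{9})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+\d+\s+\S+\s+\d+\s+[\d:]+\s+(?P<path>\S+)$"
)


def parse_mode(mode: str) -> Dict[str, bool]:
    """Decode the 10-character mode string printed by ls -l.

    In the owner/group execute slots, 's' means setuid/setgid with execute
    set and 'S' means the special bit is set without execute; in the
    other-execute slot 't'/'T' is the sticky bit.
    """
    owner_x, group_x, other_x = mode[3], mode[6], mode[9]
    return {
        "setuid": owner_x in "sS",
        "setgid": group_x in "sS",
        "owner_exec": owner_x in "xs",
        "group_exec": group_x in "xs",
        "other_exec": other_x in "xt",
    }


def audit_privileged(ls_output: str) -> List[dict]:
    """Return one record per setuid/setgid file: who may run it, what they gain."""
    findings = []
    for line in ls_output.splitlines():
        m = LS_LINE.match(line)
        if not m:
            continue
        bits = parse_mode(m["mode"])
        gains = []
        if bits["setuid"]:
            gains.append(f"uid {m['owner']}")
        if bits["setgid"]:
            gains.append(f"gid {m['group']}")
        if not gains:
            continue
        # The widest class of users holding an execute bit can invoke it.
        if bits["other_exec"]:
            callers = "any user"
        elif bits["group_exec"]:
            callers = f"members of group {m['group']}"
        elif bits["owner_exec"]:
            callers = f"{m['owner']} only"
        else:
            callers = "nobody"
        findings.append({"path": m["path"], "callers": callers, "gains": gains})
    return findings
```

For the ppp entry this reports that members of group network run it as uid root, which is the sense in which the dial-up connection is "made as root" even from an unprivileged login.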